(54) Title: ACCESS RELAY TO THE SERVER NETWORK, WHICH IS TRANSPARENT TO
THE CLIENT NETWORK 

(57) Abstract: This invention relates to the interconnection device 4, which is connected 
to the client network 13 with the first physical interface 19 and to the server network 3 
with the second physical interface 14. Interconnection device 4 includes the first relay 
application 22 that receives the datagram from client network 13 addressed to server 
devices 1 and 2 while sending the datagram addressed to server devices 1 and 2 to 
server network 3. Inter-network protocol addresses @S1 and @S2 for server devices 1 
and 2, which connect to the server network 3, are associated with the first physical 
interface 19. Therefore, the datagram that gets back to the application level on the 
interconnection device is provided to the relay application transparent to client network 
13. 

Fig. 1

[Claim(s)]



[Claim 1] An interconnection device (4), which is characterized by the inclusion of the 
first relay application (22) that receives the datagram addressed to server devices (1,2) 
from the client network (13) and sends the datagram addressed to server devices (1, 2) to 
the server network (3). It is connected to the client network (13) with the first physical 
interface (19) and is connected to the server network (3) with the second physical 
interface (14), and at least one inter-network protocol address (@S1, @S2) for server 
devices (1,2) that is different from the interconnection device (4) is associated with the 
first physical interface (19). 

[Claim 2] An interconnection device (4), which is characterized by the inclusion of the 
first relay application (22) that receives the datagram addressed to server devices (1,2) 
from the client network (13) and sends the datagram addressed to server devices (1, 2) to 
the server network (3). It is connected to the client network (13) with the first physical 
interface (19) and is connected to the server network (3) with the second physical 
interface (14), and at least one inter-network protocol address (@S1, @S2) for server 
devices (1,2) that is different from the interconnection device (4) is associated with the 
first physical interface (19) and the third physical interface (2), which is different from 
the second physical interface (14). 

[Claim 3] An interconnection device (4) according to Claim 1, which is characterized by 
the fact that the aforementioned address (@S1, @S2) is associated with the first physical 
interface (19) as the address synonymous to the base address (@P1) of the 
interconnection device (4) on the client network (13). 

[Claim 4] A method that executes the relay application (22) between the client network 
(13) and the server network (3) on the interconnection device (4) and enables the client 
application (16) to process the datagram that is sent to the server device (1) of the 
address (@S1) on the server network (3) that is different from the interconnection device 
(4) using the said relay application. It is a method that is characterized by the inclusion 
of the first step that associates the aforementioned address (@S1) to the physical 
interface (19, 20) of the interconnection device (4), which is not connected to the server 
network (3), so that the relay application (22) will receive the aforementioned datagram 
without sending data to the aforementioned client application (16) or constructing the 
said client application so that it can process the datagram.

[Claim 5] The method according to Claim 4, which is characterized by the fact that the
first step is preceded by the second step that routes the datagram, which is transmitted 
to the server device (1) on the client network (13), to the interconnection device (4). 

[Claim 6] The interconnection device (4) according to Claim 1 or 2, which is 
characterized by the possession of an encryption key, which enables the relay 
application (22) to decrypt and transmit the encrypted message sent by the client 
network (13) on the server network (3). 

[Claim 7] The interconnection device (4) according to Claim 1 or 2, which is 
characterized by the inclusion of an encryption key that enables the relay application 
(22) to encrypt and send unencrypted messages that are sent from the server network 
(3) on the client network (13). 

[Detailed Description] 

[0001] 

This invention relates to the field of the information processing network. An 
information processing network enables execution of applications distributed on remote 
devices. These remote devices are connected to the same network or to different 
multiple networks that are interconnected by the interconnection unit. 

[0002] 

Transactions between remote devices are initiated by the client application, which
sends a request message to the server application, which is in a monitoring state. The
client application then goes into a standby state, in which it waits for a response
message to the request message. Once it receives the request message, the server
application generates a response message to send to the client application. The network
layer can transport each message as a datagram, from the device that contains the
transmitting application to the device that contains the receiving application. The
transport layer can transport a message first between the transmitting application and
the network layer and second between the network layer and the receiving application,
such as from a client application to a server application, for example. The application
layer is related to the execution of applications in an environment unique to the layer.

[0003]

If the devices are not connected to one physical network, the routing protocol in the
network layer sends the datagram from the transmitting device to the interconnecting
device and from the interconnecting device to the receiving device using an
inter-network protocol address, such as an IP address. The datagram remains in the
network layer when it passes through the interconnecting device. The network
between the client device and the interconnecting device is called the client network.
The network between the server device and the interconnecting device is called the
server network.

[0004] 

The technical scope that this invention involves in particular is related to the 
interconnection device (proxy) that contains the relay application. The relay 
application is effective in processing the messages exchanged between the client and 
server networks. However, the datagram addressed to the final receiving device does 
not get back to the application layer of the interconnection device. 

[0005] 

According to known prior art, the transmitting application does not directly address the 
final receiving application but rather addresses the relay application in the 
interconnection device and indicates the final receiving application in the message to 
the relay application so that the relay application can re-transmit the message. This is 
done on an Internet browser (browser), for example. On a browser, the address of the 
interconnection device for the network layer and the port number of the relay 
application for the transport layer can be declared against the designated client 
application. Therefore, the browser encloses the address of the server device and the 
port number of the final receiving application in the datagram addressed to the relay 
application. For this, however, the relay application through which the message 
passes must be clear so that the corresponding client device can be configured. As a 
result, this system lacks flexibility. Lack of flexibility may be within tolerable range for 
a limited number of applications but not for a large number of different applications. 

[0006] 

Document RFC 1928, which can be obtained at the Internet address
http://www.pmg.lcs.mit.edu/cgi-bin/rfc/viewP1928 , describes the protocol "SOCKS
v5." The SOCKS program is conventionally located on port 1080. With a solution
called "TCP Protocol Tunneling in Web Proxy Servers," too, the first connection to the
relay application must be configured, and then the second connection that connects to
the relay device as the final device must be configured.

[0007] 

In order to resolve the problem described above, the goal of this invention is to simplify 
the configuration of the connection between the client application to the server 
application, so as to be used when the client application does not use the relay 
application service. That is, to make the use of the relay application service 
transparent to the client application. 

[0008] 

The first goal of this invention is in the interconnection device, which is connected to the 
client network with the first physical interface and to the server network with the second 
physical interface. It is characterized by the inclusion of the first relay application, 
which receives the datagram sent from the client network to a server device and sends it 
to the server network, while at least one inter-network protocol address of the server 
device connected to the server network is associated with the first physical interface. 

[0009] 

As a result, once the datagram reaches the first physical interface that is equipped with 
the inter-network protocol address of the server device as the destination address, the 
interconnection device is recognized as the destination device of the datagram by its 
network layer. In that case, the network layer of the interconnection device extends the 
datagram back towards the application layer of the interconnection device by simply 
complying with the predefined protocol. Once the relay application receives the 
datagram, it processes the datagram and may or may not resend it to the server device. 
This is perfectly transparent to the client application. 

[0010] 

The goal of the modified implementation format of this invention is in the 
interconnection device, which is connected to the client network with the first physical 
interface and to the server network with the second physical interface. It includes the 
first relay application, which receives the datagram sent from the client network to a 
server device and sends it to the server network, while at least one inter-network 
protocol address of the server device connected to the server network is associated with
a third physical interface, which is different from the first or second physical interface.

[0011]

Here, the protocol on the network layer allocates the destination address not to the first 
physical interface that receives the datagram but to an arbitrary physical interface of the 
interconnection device so that it gets back towards the application layer of the 
interconnection device. 

[0012] 

If, for example, the interconnection device already has a valid base address for a routine 
protocol on the client network, the aforementioned address of the server device is 
associated with the first physical interface on the client network as an address 
synonymous to the base address of the interconnection device. 

[0013] 

The second goal of this invention is the method that enables the client application to 
process the datagram that is sent to a server device that has one address on the server 
network on the client network using a relay application, which is executed between the 
client network and the server network on the interconnection device. It is 
characterized by the fact that the physical interface of the interconnection device that is 
not connected to the server network includes the first step that associates the 
aforementioned address on the server network, so that the relay application receives the 
aforementioned datagram. 

[0014] 

This method has an advantage, which is the fact that the relay application does not need 
to configure the aforementioned client application in order to enable the relay 
application to process the datagram, nor does it need to communicate with the 
aforementioned client application. In fact, the client application continues to send the 
datagram using the address of the server device. Once the datagram reaches the first 
physical interface of the interconnection device, the network protocol naturally ensures 
that the datagram gets up towards the application layer of the interconnection device. 
That enables the relay application to receive the datagram. 

[0015] 

When the datagram, which is sent from the client network to the server network, must
be routed by the interconnection device, this method is characterized by the fact that
the second step, which routes the datagram sent from the client network to the server
device to the interconnection device, precedes the first step. This happens, for example,
when the number of interconnection devices between the client network and server
network is not limited to one.

[0016] 

Other advantages and details of the implementation format of this invention will become 
clear from the following description to the attached drawings. 

[0017] 

Drawing 1 shows server devices 1 and 2 and client devices 11 and 12. Devices 1, 2, and
11 are connected to server network 3 with physical interfaces 7, 8, and 17, respectively. 
Client device 12 is connected to client network 13 with physical interface 18. Networks 
3 and 13 are physically different. Interconnection device 4 is connected to server 
network 3 with physical interface 14 and to client network 13 with physical interface 19. 

[0018] 

Applications 5, 6, 15, and 16, which are executed on devices 1, 2, 11, and 12, 
respectively, communicate with one another in the transport layer CT in connectionless 
mode, such as UDP, or in connection mode, such as TCP, based on the protocol. 
Transport layer CT monitors the network layer CR based on the protocol, such as IP. 

[0019] 

In the network layer CR, device 1 is recognized by address @S1, device 2 is recognized by 
address @S2, and device 11 is recognized by address @C1. As it is known, each 
address, @S1, @S2, and @C1, has a network field, which has a common value that 
identifies network 3, and a device field, which has separate values that identify the 
devices that are connected to network 3. Device 12 is recognized by @C2, the address 
that has the network field value that identifies network 13 and the device field value that 
identifies device 12 on network 13. Interconnection device 4 is recognized by @P1, the 
address that has the network field value that identifies network 13 and the device field 
value that identifies the interconnection device 4 on network 13, and by @P2, the 
address that has the network field value that identifies network 3 and the device field 
value that identifies the interconnection device 4 on network 3.

[0020]

The devices communicate with one another with messages that circulate the network as 
datagram. Drawing 2 shows an example of a datagram. This datagram, which is a bit 
frame sequence, mainly consists of three consecutive fields. First field DR is for the 
network layer protocol. Second field DT is for the transport layer protocol, which 
monitors the network layer. Third field DA is for the application layer that monitors the 
transport layer. For a web request, for example, field DR contains the sender's and 
recipient's IP addresses, field DT contains the sender's and recipient's TCP port 
numbers, and field DA contains the HTTP data. 

[0021] 

For example, if client application 15, which is executed on client device 11, executes an 
access request to the file that is processed by the server application 5, which is located 
on server device 1, application 5 sends the request to layer CT of client device 11, and
the layer CT writes the request to field DA, while writing the service port number for 
application 15 and service port number for application 5 to field DT. Layer CT of client 
device 11 sends fields DT and DA to layer CR of device 11. Layer CR writes @C1, the 
address of client device 11 and @S1, the address of server device 1, to field DR. Next, 
the layer CR sends the datagram, which consists of data as described above, to interface 
17, which reaches interface 7 of server device 1. Layer CR of server device 1 recognizes 
that the datagram is addressed to the upper layer of server device 1 from the address 
@S1 and sends the fields DT and DA to layer CT of device 1. Layer CT resends the field 
DA to application 5 based on the service port number of application 5, and finally, 
application 5 processes the request. 

[0022] 

For example, if client application 16, which is executed on client device 12, executes an 
access request to the file that is processed by application 5, which is located on server 
device 1, application 16 sends the request to layer CT of client device 12. Layer CT 
writes the request to field DA, while writing the service port number for application 16 
and service port number for application 5 to field DT. Layer CT of client device 12 
sends fields DT and DA to layer CR of client device 12. Layer CR writes client device 
12's address @C2 and server device 1's address @S1 to field DR. Next, layer CR sends
the datagram, which consists of data as described above, to interface 18, which arrives 
at interface 19 of the interconnection device 4, which is declared as the router between 
networks 13 and 3.

[0023]

If there is no device by this invention, layer CR of interconnection device 4 recognizes 
that the datagram is not addressed to the upper layer of interconnection device 4 
because address @S1 is not an address for interconnection device 4. In that case, layer 
CR of interconnection device 4 searches for the line in the routing table that contains the 
same value as the network field of address @S1. The line that is found indicates 
interface 14 as the access interface to network 3. Layer CR of the interconnection 
device 4 resends the datagram to network 3 using interface 14. As a result, the 
datagram reaches interface 7 of the server device 1. Layer CR of server device 1 
recognizes that the datagram is addressed to the upper layer of server device 1 from 
address @S1 and resends fields DT and DA to layer CT of server device 1. Layer CT 
resends the field DA to application 5, based on the server port number for application 5, 
and finally, the application processes the request. 

[0024] 

With a device of this invention, interconnection device 4 contains application 22, which 
works as a proxy server for the request that is sent from network 13. Application 22 
has multiple advantages. For example, it can restrict access to devices 1, 2, and 11 
that are connected to server network 3. It also protects the responses to preceding 
requests, which is stored in cache memory, and can reproduce responses to new 
requests without sending new requests to the server devices 1 and 2. 

[0025] 

Multiple addresses of layer CR are associated with the physical interface 19, regular 
address @S1, and @P1, the regular address of server device 1, which is connected to 
network 3. Address @S2 of server device 2 can be attached to physical interface 19. 
As more fully discussed hereinafter, with this method, the server network determines 
the service usage of relay application 22, such as its access to server 1, for example, by 
associating address @S1 with physical interface 19, unlike prior art, in which the client 
network determines the service usage of the relay application 22. 

[0026] 

Application 22 includes input port 9, which has the same number as the input port of 
application 5, and output port 10. Any arbitrary request message addressed to 
application 5 can be managed by allocating one number to this output port.

[0027]

Thanks to such special devices, client device 12 does not need to know that 
intermediary connection with interconnection device 4 has been established. When 
application 16, which is executed on client device 12, executes a request that is 
addressed to application 5, which is located on server device 1, address @S1 is now 
recognized by network 13 as the address of interconnection device 4. 

[0028]

Application 16 sends datagram Q on network 13, in order to execute the request 
addressed to application 5. Datagram Q contains addresses @S1 and @S2 in the field 
CR, port numbers for applications 5 and 16 in the transport field, and the final 
information addressed to application 5 in field CA. 

[0029] 

Once physical interface 19 of interconnection device 4 receives datagram Q, the network 
layer CR of interconnection device 4 recognizes the destination address @S1 in field DR 
as a unique address and gets the datagram up to the transport layer CT of 
interconnection device 4. Transport layer CT recognizes the destination number in 
field DT as port number 9 of application 22 and sends the content of datagram Q to this 
application. 

[0030] 

Application 22 processes the content of field DA of datagram Q. Processing of 
datagram Q by application 22 includes checking the access rights and checking if 
interconnection device 4 already has a response to the request in its cache memory, in 
order to determine whether datagram Q must be sent to server application 5. 

[0031] 

If application 22 needs to send a request message to application 5 so that it can process 
the request message sent from client application 16, application 22 notifies the 
transport layer CT of interconnection device 4 of the subsequent data, which is the 
content of the request placed in field DA, input port number of application 5, output 
port number of application 22, which is used to manage the responses to requests, and 
@S1, the inter-network protocol address of server device 1. These data are sent to the
network layer CR of interconnection device 4. Once the network layer CR of
interconnection device 4 receives these data, it looks for the network on which the
datagram will be sent, in the routing table based on the network field of the address @S1.
In the example provided here, layer CR sends the datagram that contains the
destination address @S1 and the sender address @P2, which is associated with physical 
interface 14, in field DR, to physical interface 14, for the network field of the address 
@S1 corresponds to network 3 to which server device 1 is connected. The datagram 
reaches server device 1 and its server application 5 on client server 3 using the 
conventional method. 

[0032] 

Response that application 5 receives on interface 14 is sent up to application 22 by the 
network layer because the address @P2 is the address for interconnection device 4. It 
is sent up to application 22 by the transport layer CT because the port number for the 
response is the number that application 22 allocates to port 10. Using an internal 
mechanism that manages requests and responses, application 22 associates the 
response to the output port number received from application 16. Application 22 
notifies transport layer CT of the interconnection device 4 of the subsequent data, which 
is the content of the request placed in field DA, output port number of application 16, 
input port number of application 22, which is the same as the input port number of 
application 5 in order to manage the responses to requests, @C2, which is the 
destination inter-network protocol address of client device 12, and @S1, which is the 
sender inter-network protocol address of server device 12. These data are sent to the 
network layer CR of interconnection device 4. Once the network layer CR of 
interconnection device 4 receives these data, it looks for the network on which the 
datagram will be sent, in the routing table based on the network field of the address @C2. 
In the example provided here, layer CR sends the datagram that contains the 
destination address @P2 and the sender address @S1, which is associated with physical 
interface 19, in field DR, to physical interface 19, for the network field of the address 
@C2 corresponds to network 13 to which client device 12 is connected. The datagram 
reaches client device 12 and its server application 16 on client network 13 using the 
conventional method. 

[0033] 

As a result application 16 on client device 12 returns the response from application 5 in 
server device 1 without passing through application 22. Passage of application 22 is 
done transparently to client application 16.

[0034]

As seen in drawing 3, address @S1 is associated with interface 14, as described above, 
and here especially to physical interface 20, which is different from interface 19. 

[0035] 

Once the datagram is sent on network 13 with the address @S1, routing protocol of the 
network layer of interconnection device 4 receives the datagram on interface 19 with 
which address @P1 is associated. Since address @S1 associated with physical 
interface 20 is the address of the interconnection device 4, datagram gets up to 
application layer CA of interconnection device 4. 

[0036] 

Relay application 21 processes the request message sent from the received datagram,
just like relay application 22, as described previously. Relay application 22 especially 
provides a pilot to the virtual network to which physical interface 20 is connected, in 
order to send the response message to client device 12. 

[0037] 

Implementation of this invention becomes particularly simpler when the IP address @S1 
is connected to interface 19. In the following simple example, application 16 executes 
the Telnet function as a client application, and relay application 22 executes telnetd as 
the server application of application 16 and Telnet as the client of application 5. 
Application 5 executes telnetd as the server of relay application 22. Telnet and telnetd 
connect the terminal of the client device on which Telnet is executed to the server device 
on which telnetd is executed. This is a known function that uses TCP/IP. 

[0038] 

Each device goes to a different operation system to follow the device that executes the 
command. Client device 12 goes to an AIX system (registered trademark) version 4.1 
and has an IP address of @C1 = 129.182.51.18. Relay device 4 goes to an AIX system 
version 4.2 and has an IP address of @P1 = 129.182.51.21 and @P2 = 192.90.249.22. 
Server device 12 goes to a DNS-E device (dedicated) and has an IP address of @S1 = 
192.90.249.124. Network 13 can be accessed by a known method with an IP address 
@R1 = 129.182.50, mask @M1 = 255.255.254.0.

[0039]

On client device 12, the following command

route add -host 192.90.249.124 129.182.51.21

determines that the sent datagram passes through the relay device with
the address @P1 in order to reach the server device 1 with the address @S1.

[0040] 

On server device 1, the following command

route add -net 129.182.50 192.90.249.22 -netmask 255.255.254.0

determines that the sent datagram passes
through the relay device with the address @P2 in order to reach all devices on network
13 with the address @R1.

[0041] 

On client device 12, the following command

telnet 192.90.249.124

launches the Telnet
application in order to reach server device 1 with the address @S1. At this point, the
only device that can be recognized by the IP address @S1 is server device 1. The IP 
layer of interconnection device 4 routes the datagram sent from the IP layer of client 
device 12 towards the IP layer of server device 1. IP layer of server device 1 recognizes 
the address @S1 and walks back the datagram's application field towards the telnetd 
application of server device 1. Telnetd application of server device 1 sends the following 
message to client device 12 on its way back: 

Trying... 

Connected to 192.90.249.124. 
Escape character is '^]'.

$$ 0000 *DNS-E V3U1.000 P1.001 P2.019 P3.010*IMA:BX77SIM 1988/10/21 17:23*

[0042]

The above message indicates that the message is in a DNS system environment; that is,
that it reaches server device 1 directly. It is only when IP routing is executed that it
passes through relay device 4. 

[0043] 

On client device 12, the following command

telnet 129.182.51.21

launches the Telnet
application in order to reach the relay device 4 with the address @P1. The IP layer of
interconnection device 4 recognizes the address @P1 and walks back the datagram's
application field towards the telnetd application on relay device 4. Telnetd application
of interconnection device 4 sends the following message to client device 12 on its way
back:

Trying... 

Connected to 129.182.51.21. 
Escape character is 
Telnet (treize) 
ADC Version 4 

(c) Copyrights by IBM and by others 1982, 1996
Login: 

[0044] 

Display of the above message on the terminal of client device 12 indicates that the 
message is in an AIX system; that is, that it reaches interconnection device 4. With this, 
commands from the terminal of client device 12, which are executed on interconnection 
device 4, can be managed. 

[0045] 

On interconnection device 4, interface 19 is named en1, and the following command

ifconfig en1 192.90.249.124 alias

determines the address @S1 as an additional address
associated with interface 19. There is no danger that interconnection device 4 is
confused with server device 1 by the IP layer on network 13. This is because network
13 is physically different from network 3. Also, the following command

ifconfig en1 192.90.249.125 alias

determines the address @S2 as an additional address associated
with interface 19.

[0046] 

Back on client device 12, the following command

telnet 192.90.249.124

launches a
Telnet application that has an effect different from the one noted above. The following
message is displayed on the terminal of client device 12:

Trying... 

Connected to 129.182.51.21. 
Escape character is 
Telnet (treize) 
ADC Version 4

(c) Copyrights by IBM and by others 1982, 1996
Login: 

[0047] 

Display of the above message on the terminal of client device 12 indicates that the 
message is in an AIX system of interconnection device 4. Even though connection to 
the telnetd application on server device 1 was requested using the address @S1, the 
command executed the connection to telnetd application on server 4. This can be 
explained by the fact that the IP layer of interconnection device 4 recognized address 
@S1 as the unique destination address to interconnection device 4 without considering 
routing it to network 3. Therefore, the IP layer of interconnection device 4 walks back 
the application field of the datagram that was received on interface 19 towards the 
telnetd application on interconnection device 4. 

[0048] 

On interconnection device 4, the following command

telnet 192.90.249.124

launches a Telnet application in order to reach server device 1 with the address @S1. At
this point, the only device that can be recognized by the IP address @S1 by interface 14
is server device 1. The IP layer of server device 1 recognizes the address @S1 and walks
back the datagram's application field towards the telnetd application of server device 1.
Telnetd application of server device 1 sends the following message to the Telnet
application on interconnection device 4 on its way back:

Trying... 
Connected to 192.90.249.124. 
Escape character is '^]'. 

$$ 0000 *DNS-E V3U1.000 P1.001 P2.019 P3.010*IMA:BX77SIM 1988/10/21 17:23* 

[0049] 

This message is relayed to the Telnet application of client device 12 by the telnetd 
application of interconnection device 4. Display of the above message on the terminal 
of client device 12 indicates that the message comes from a DNS system and that 
server device 1 is reached. However, the application field of the datagram has passed 
up through the application layer of relay device 4, transparently to client device 12. 

[0050] 

The method carried out manually above can be implemented by a program that is 
executed in the application layer of interconnection device 4. 
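
The two-hop Telnet session carried out by hand above, as an added Python example that is not part of the patent text: a relay listens on one specific address (standing in for @S1 on interface 19), opens its own connection to the server, and copies bytes in both directions. Loopback ports stand in for both networks, and the banner, the function names and the `sessions` audit list are assumptions of this example.

```python
import contextlib
import socket
import threading

def pump(src, dst):
    """Copy bytes src -> dst until src closes, then half-close dst."""
    with contextlib.suppress(OSError):
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def handle(client, upstream_addr, sessions):
    """Second hop: open the relay's own connection to the server, log both ends."""
    with client, socket.create_connection(upstream_addr) as upstream:
        sessions.append((client.getpeername(), upstream.getsockname()))
        up = threading.Thread(target=pump, args=(client, upstream), daemon=True)
        up.start()
        pump(upstream, client)
        up.join()

def start_relay(listen_addr, upstream_addr, sessions):
    """Listen on one specific address (the @S1 alias), never the wildcard."""
    lsock = socket.create_server(listen_addr)
    def serve():
        while True:
            client, _ = lsock.accept()
            threading.Thread(target=handle, args=(client, upstream_addr, sessions),
                             daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return lsock.getsockname()

def demo():
    seen_by_server, sessions = [], []
    server = socket.create_server(("127.0.0.1", 0))  # loopback stand-in for server device 1
    def fake_telnetd():
        conn, peer = server.accept()
        seen_by_server.append(peer)
        conn.sendall(b"$$ 0000 *DNS-E constructed banner\r\n")  # constructed sample
        conn.close()
    threading.Thread(target=fake_telnetd, daemon=True).start()
    relay_addr = start_relay(("127.0.0.1", 0), server.getsockname(), sessions)
    with socket.create_connection(relay_addr, timeout=5) as client:  # client device 12
        client_addr, banner = client.getsockname(), b""
        while chunk := client.recv(4096):
            banner += chunk
    return banner, client_addr, seen_by_server[0], sessions[0]

if __name__ == "__main__":
    print(demo())
```

The server sees only the relay's source address, so the relay's session record is the one place where a server-side connection can be tied back to the client that opened it.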

[0051] 

A datagram destined for server device 1 that passes through the IP layer of 
interconnection device 4 is passed up to the application layer of interconnection 
device 4, because address @S1 is associated with a physical interface of 
interconnection device 4. In order to avoid a conflict with server device 1 on network 
3, it is better not to associate address @S1 with interface 14. Referring to drawing 3, 
address @S1 can be associated with a physical interface other than interface 19, such as 
physical interface 20, for example. 

[0052] 

One example of special processing by relay application 22, described here, has a 
particular advantage. When an encryption key is associated with address @S1 to 
encrypt requests from client device 12 and responses to client device 12, 
interconnection device 4 is able to decrypt the request and encrypt the response. The 
data can circulate in decrypted form on server network 3 without any danger. 
Encryption and decryption resources are therefore concentrated on interconnection 
device 4, leaving as many resources as possible on server device 1 for server 
functions. Relay application 22 can also encrypt the response once again before 
sending it on network 13. 

[Brief Description of Drawings] 

[Drawing 1] 

This drawing shows an example of an interconnection device that has two physical 
interfaces. 

[Drawing 2] 

This drawing shows an example of a datagram. 

[Drawing 3] 

This drawing shows an example of an interconnection device that has three physical 
interfaces. 